package bigbank.web;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

import bigbank.Account;
import bigbank.BankService;

@Controller
public class PostAccounts {

    @Autowired
    private BankService bankService;

//    @Autowired
//    public PostAccounts(BankService bankService) {
//        this.bankService = bankService;
//    }

    @RequestMapping("/post.html")
    public String handleRequest(@RequestParam Long id, @RequestParam Double amount) throws Exception {
        // Security check (this is unnecessary if Spring Security is performing the authorization)
//        if (!request.isUserInRole("ROLE_TELLER")) {
//            throw new AccessDeniedException("You must be a teller to post transactions (Spring Security message)");
//        }

        Account a = bankService.readAccount(id);
        bankService.post(a, amount);
        return "redirect:listAccounts.html";
    }

}
